RESPECT YOUR DATA

Limit and protect the data you collect and retain.

Protecting your users’ privacy requires you to be thoughtful about the data you collect and hold. By carefully considering the costs and benefits of collecting data and by properly safeguarding the information that you do collect, you may prevent privacy harms and increase consumer trust in your product.

Your product has a purpose, and that purpose should help you identify the information you actually need. Blindly or willfully grabbing information beyond that can subject your product to bad press, excessive government demands, or even financial penalties. Build trust with your users instead by only collecting information as needed.

85% of consumers limit how or whether they use a mobile app based on privacy concerns (2012).

RETAIN DATA ONLY AS LONG AS YOU NEED IT.

Just because you need location information to make your service work doesn’t mean you actually need to keep that information. Determine how long you need to keep the data you do collect and delete it once it is no longer necessary to accomplish the purpose for which it was collected. This helps ensure that you’re not retaining information that users don’t expect you to keep and reduces the potential harm of a data breach and other privacy hazards.

Sonic.net has been widely lauded for cutting its retention period for user logs down to two weeks. Faced with “a string of legal requests for its users’ data,” the CEO asked engineers to evaluate the company’s actual storage needs to see if reducing data retention could help “protect my customers.” The company determined that a two-week retention period was more than adequate to address spam and security issues and properly balanced “an ability to help law enforcement when it’s morally right to do so” with protecting users.